E-mail authentication standard debated

At last month's FTC E-Mail Authentication Summit in Washington, D.C., and the INBOX East Show in Atlanta, technologists and policy-makers attempted to build some consensus as to which authentication platforms could best eradicate spam and improve delivery of legitimate e-mail messages. But progress bogged down as a war of entrenchment ensued between those who support Microsoft Corp.'s patent-pending Sender ID approach and those who want an open source solution.

Federal Trade Commission Commissioner Jon Leibowitz told attendees that e-mail authentication systems will reduce "phishing," make ISPs less reliant on their spam filters, help ISPs and law enforcement determine where spam comes from and ensure consumer trust in the Internet. But in deploying an authentication system, or combination of systems, the industry must ensure balance and flexibility to accommodate all users, he added. "Work up your plans and work out your differences," he said. "If we have competing authentication systems that do not work together, we may not have any that work."

Also at the FTC summit, open source advocates, led by Daniel Quinlan, VP of Apache Software Foundation, voiced concerns about the licensing requirements Microsoft might put in place if Sender ID were made the authentication standard. Meanwhile, other standards such as Sender Policy Framework and Yahoo!-proposed Domain Key authentication, a more encrypted approach to authentication, were discussed as possible solutions.

Confusion and dismay

The stalemate continues to confuse and dismay marketers. Many are increasingly finding themselves blacklisted by corporate filtering systems and consumer ISPs for unknown reasons.

"It could be as simple as the fact [that] you send out e-mails in too great a quantity or have a few suspect addresses on your lists," said Chris Baggott, founder and chief marketing officer for e-mail service provider ExactTarget, at the INBOX East show, a more traditional vendor-IT buyer event held one week after the FTC summit. "Or as maddening as your double opt-in subscribers are reporting you as a spammer rather than unsubscribing from your e-newsletter. Or as frightening as getting hijacked by hackers who use your own servers to send out spam."

Spam hijacking recently scared Sara Melo-Pereira, marketing director for Benchmark Technologies International, away from e-mail campaigns. "I began to discover that many of my company's outward-bound messages were getting lost in the ether," Melo-Pereira said. "We're a small company, and it took us three months to figure out that our servers had been hijacked and were sending out spam at night."

Once you're blacklisted, it can be a long, arduous process to wipe the slate clean, said David Daniels, research director for JupiterResearch. "That's one reason why we see a major trend of companies turning to e-mail service providers to handle their e-mail marketing activities," Daniels said. "The ESPs work directly with the major ISPs and corporate IT departments, and can clear matters up much more quickly. But the major reason for outsourcing is so that the ESPs can handle all the technical demands ... so that marketers can focus on what they do best."

According to a recent JupiterResearch study, 47% of companies polled outsource this function to ESPs. "And we expect that number will continue to rise significantly in coming months as authentication starts taking hold," Daniels said.

Josh Baer, founder and CEO of e-mail service provider Skylist Inc., said that every e-mail marketer should be using some form of IP-based authentication. "You can publish your organization's SPF [Sender Policy Framework] record in an hour," he said. "There's no downside."

Once unified authentication standards are in place, it shouldn't be difficult to adapt to them, Baer said. "But setting up your SPF record now will immensely help your e-mail deliverability in the short term," he said.

However, few marketers have taken this first step, apparently preferring to wait on the sidelines, Baer said. "Very few marketers attended either the FTC summit or INBOX, probably because it's technically daunting," Baer said. "But it was disappointing that more weren't here to voice their concerns because they're ultimately going to be one of the groups most affected by whatever outcome is reached."

Baer said the unified e-mail authentication standards will be developed in the near future. "There is overwhelming agreement over the big issues at play; we're just hammering out the details," Baer said.

Truth be told, authentication, no matter what platform is used, is just the tip of the iceberg when it comes to dealing with spam, he added. "We want everyone to get authenticated," Baer said. "The next step is then scoring reputations, by receiver feedback, rather than through inexact filters to separate legitimate senders from those who should be blacklisted."

A financial solution

Some ISPs and vendors are staking their reputations on a more "put your money where your mouth is" approach, Daniels said.

It's a financial solution that one vendor, Ironmail, is calling "bonded sender," whereby you put money up front with an ISP to make sure you're not blacklisted, Daniels said. "For each time ISP members report that you're a spammer, the ISP pockets a part of that money."

There are also e-stamp systems in development, wherein marketers pay for each e-mail that's delivered, said George Bilbrey, VP-general manager of deliverability services for e-mail service provider Return Path. "However, I'm not sure how feasible that business model is for the long term," he said. "After all, one of the great appeals of e-mail as a marketing tool is that it's free."

Bilbrey also said that, while outsourcing the technical and deliverability aspects of e-mail marketing to ESPs is a sound practice, it won't solve all of marketers' e-mail problems. "In fact, 90% of problems can't be fixed by an ESP," he said. "Marketers need to continue to get more savvy about their messaging. It's still all about crafting the right message to reach the right person at the right time. No matter what the technical issues may be, the real key is relevancy, and if your e-mails aren't relevant, you won't succeed."